From: Dan Williams <dan.j.williams@intel.com>
To: Ira Weiny <ira.weiny@intel.com>,
Dan Williams <dan.j.williams@intel.com>,
<linux-cxl@vger.kernel.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Subject: Re: [PATCH v3 07/10] cxl/memdev: Fix sanitize vs decoder setup locking
Date: Mon, 9 Oct 2023 11:18:44 -0700 [thread overview]
Message-ID: <652444042bd98_ae7e7294ad@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <65237eded9811_1d988429470@iweiny-mobl.notmuch>
Ira Weiny wrote:
> Dan Williams wrote:
> > The sanitize operation is destructive and the expectation is that the
> > device is unmapped while in progress. The current implementation does a
> > lockless check for decoders being active, but then does nothing to
> > prevent decoders from racing to be committed. Introduce state tracking
> > to resolve this race.
> >
> > This incidentally cleans up unpriveleged userspace from triggering mmio
> > read cycles by spinning on reading the 'securiry/state' attribute. Which
> > at a minimum is a waste since the kernel state machine can cache the
> > completion result.
> >
> > Lastly cxl_mem_sanitize() was mistakenly marked EXPORT_SYMBOL() in the
> > original implementation, but an export was never required.
> >
> > Fixes: 0c36b6ad436a ("cxl/mbox: Add sanitization handling machinery")
> > Cc: Davidlohr Bueso <dave@stgolabs.net>
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > ---
>
> [snip]
>
> > --- a/drivers/cxl/core/hdm.c
> > +++ b/drivers/cxl/core/hdm.c
> > @@ -650,6 +650,25 @@ static int cxl_decoder_commit(struct cxl_decoder *cxld)
> > return -EBUSY;
> > }
> >
> > + /*
> > + * For endpoint decoders hosted on CXL memory devices that
> > + * support the sanitize operation, make sure sanitize is not in-flight.
> > + */
> > + if (is_endpoint_decoder(&cxld->dev)) {
> > + struct cxl_endpoint_decoder *cxled =
> > + to_cxl_endpoint_decoder(&cxld->dev);
> > + struct cxl_memdev *cxlmd = cxled_to_memdev(cxled);
> > + struct cxl_memdev_state *mds =
> > + to_cxl_memdev_state(cxlmd->cxlds);
> > +
> > + if (mds && mds->security.sanitize_active) {
>
> I'm curious why this check does not need to hold the mds->mbox_mutex? Or
> how this may be protected by the cxl_dpa_rwsem?
...because cxl_decoder_commit() knows it is holding the cxl_dpa_rwsem for
write which means that sanitize_active can not transition from false to
true in cxl_mem_sanitize().
It does mean that in-flight completions may race, but that's a benign race
where whatever triggered cxl_decoder_commit() is already in the position of
needing to wait for cxl_mbox_sanitize_work() to fire.
next prev parent reply other threads:[~2023-10-09 18:18 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-06 7:25 [PATCH v3 00/10] cxl/mem: Fix shutdown order Dan Williams
2023-10-06 7:26 ` [PATCH v3 01/10] cxl/pci: Remove unnecessary device reference management in sanitize work Dan Williams
2023-10-06 7:26 ` [PATCH v3 02/10] cxl/pci: Cleanup 'sanitize' to always poll Dan Williams
2023-10-09 17:19 ` Davidlohr Bueso
2023-10-09 18:39 ` Dan Williams
2023-10-09 20:48 ` Davidlohr Bueso
2023-10-06 7:26 ` [PATCH v3 03/10] cxl/pci: Remove hardirq handler for cxl_request_irq() Dan Williams
2023-10-06 22:06 ` Davidlohr Bueso
2023-10-09 3:29 ` Ira Weiny
2023-10-09 16:36 ` Jonathan Cameron
2023-10-13 16:59 ` Dave Jiang
2023-10-06 7:26 ` [PATCH v3 04/10] cxl/pci: Remove inconsistent usage of dev_err_probe() Dan Williams
2023-10-06 22:10 ` Davidlohr Bueso
2023-10-09 3:42 ` Ira Weiny
2023-10-09 16:38 ` Jonathan Cameron
2023-10-13 17:09 ` Dave Jiang
2023-10-06 7:26 ` [PATCH v3 05/10] cxl/pci: Clarify devm host for memdev relative setup Dan Williams
2023-10-09 3:50 ` Ira Weiny
2023-10-09 16:41 ` Jonathan Cameron
2023-10-13 17:12 ` Dave Jiang
2023-10-06 7:26 ` [PATCH v3 06/10] cxl/pci: Fix sanitize notifier setup Dan Williams
2023-10-09 16:42 ` Jonathan Cameron
2023-10-09 18:08 ` Davidlohr Bueso
2023-10-06 7:26 ` [PATCH v3 07/10] cxl/memdev: Fix sanitize vs decoder setup locking Dan Williams
2023-10-06 10:10 ` kernel test robot
2023-10-09 4:17 ` Ira Weiny
2023-10-09 18:18 ` Dan Williams [this message]
2023-10-09 22:32 ` Dan Williams
2023-10-09 16:46 ` Jonathan Cameron
2023-10-09 18:36 ` Dan Williams
2023-10-11 20:44 ` Jonathan Cameron
2023-10-10 20:21 ` Davidlohr Bueso
2023-10-13 17:20 ` Dave Jiang
2023-10-06 7:26 ` [PATCH v3 08/10] cxl/mem: Fix shutdown order Dan Williams
2023-10-06 7:26 ` [PATCH v3 09/10] tools/testing/cxl: Make cxl_memdev_state available to other command emulation Dan Williams
2023-10-09 3:24 ` Ira Weiny
2023-10-13 17:21 ` Dave Jiang
2023-10-06 7:26 ` [PATCH v3 10/10] tools/testing/cxl: Add 'sanitize notifier' support Dan Williams
2023-10-09 4:25 ` Ira Weiny
2023-10-13 17:25 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=652444042bd98_ae7e7294ad@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox